Issue with Deleting App Service SSL Certificate - Thumbprint Not Found

[verttimakikyro]

Describe the bug

When attempting to delete an App Service SSL certificate, the operation fails with an error stating "Certificate for thumbprint not found." Despite confirming the correctness of the thumbprint with the az cli command az webapp config ssl show --resource-group {resource-group} --certificate-name {name}

If I use command az webapp config ssl list --resource-group, it appears that this command returns only four certificates. Consequently, attempting to delete a certificate not listed in these four results in an error.

Related command

az webapp config ssl delete --resource-group --certificate-thumbprint .

Errors

Certificate for thumbprint 'xxxx' not found

Issue script & Debug output

cli.azure.cli.core.azclierror: Traceback (most recent call last):
File "/usr/local/Cellar/azure-cli/2.54.0/libexec/lib/python3.11/site-packages/knack/cli.py", line 233, in invoke
cmd_result = self.invocation.execute(args)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/Cellar/azure-cli/2.54.0/libexec/lib/python3.11/site-packages/azure/cli/core/commands/init.py", line 663, in execute
raise ex
File "/usr/local/Cellar/azure-cli/2.54.0/libexec/lib/python3.11/site-packages/azure/cli/core/commands/init.py", line 726, in _run_jobs_serially
results.append(self._run_job(expanded_arg, cmd_copy))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/Cellar/azure-cli/2.54.0/libexec/lib/python3.11/site-packages/azure/cli/core/commands/init.py", line 718, in _run_job
return cmd_copy.exception_handler(ex)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/Cellar/azure-cli/2.54.0/libexec/lib/python3.11/site-packages/azure/cli/command_modules/appservice/commands.py", line 46, in _ex_handler
raise ex
File "/usr/local/Cellar/azure-cli/2.54.0/libexec/lib/python3.11/site-packages/azure/cli/core/commands/init.py", line 697, in _run_job
result = cmd_copy(params)
^^^^^^^^^^^^^^^^
File "/usr/local/Cellar/azure-cli/2.54.0/libexec/lib/python3.11/site-packages/azure/cli/core/commands/init.py", line 333, in call
return self.handler(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/Cellar/azure-cli/2.54.0/libexec/lib/python3.11/site-packages/azure/cli/core/commands/command_operation.py", line 121, in handler
return op(**command_args)
^^^^^^^^^^^^^^^^^^
File "/usr/local/Cellar/azure-cli/2.54.0/libexec/lib/python3.11/site-packages/azure/cli/command_modules/appservice/custom.py", line 2980, in delete_ssl_cert
raise ResourceNotFoundError("Certificate for thumbprint '{}' not found".format(certificate_thumbprint))
azure.cli.core.azclierror.ResourceNotFoundError: Certificate for thumbprint 'my-thumbprint' not found

Expected behavior

The az webapp config ssl delete command should successfully delete the specified SSL certificate.

Environment Summary

azure-cli 2.54.0

core 2.54.0
telemetry 1.1.0

Dependencies:
msal 1.24.0b2
azure-mgmt-resource 23.1.0b2

Python location '/usr/local/Cellar/azure-cli/2.54.0/libexec/bin/python'

Python (Darwin) 3.11.6 (main, Oct 2 2023, 13:45:54) [Clang 15.0.0 (clang-1500.0.40.1)]

Additional context

No response

[azure-client-tools-bot-prd]

Hi @verttimakikyro
Find similar issue #13929.

Issue title	Webapp:az webapp config ssl bind: Cannot find certificate in other Resource groups
Create time	2020-06-10
Comment number	8

---

Please confirm if this resolves your issue.

[yonzhan]

Thank you for opening this issue, we will look into it.

[microsoft-github-policy-service]

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @AzureAppServiceCLI, @antcp.

[jayintheoffice]

How does this issue gain more traction/visibility?

The 'az webapp config ssl show' command is capable of retrieving a certificate by name and presenting the thumbprint of the certificate.

The 'az webapp config ssl delete' command neither takes a certificate name as a parameter (as a possible workaround/alternative) and so demands the thumbprint is provided. But it's incapable of finding the very same certificate the 'ssl show' command can find.

This is true of v2.67.0.

Is this somehow related to the inconsistent behavior of the 'az webapp config ssl list' command? 'ssl list' is often incapable of actually presenting a full list of certificates, generally reporting an empty array despite there being one or more visible in the portal or retrievable by the 'ssl show' command. Some have reported that querying the certificates through the Azure PowerShell module or the REST API somehow impacts the 'ssl list' operation's ability to find them.